
Securing Web Server and File Sharing in Matrix Photo Studio

CHAPTER 1
INTRODUCTION

1.1 Background
Today, many companies use technology to ease their work. As business competition steadily rises, a management system is needed in today's business world. The Linux operating system has become one of the best choices; it can handle many tasks as well as Microsoft. It was implemented by Matrix Photo Studio, located at Jl. Supratman No. 13, Bandung, but the implementation still has weaknesses.
There is no doubt that a company's management system needs to be extended with a security system. There is also no doubt that technology is one of the factors, and in this case the concern is "data": data sharing, data security, centralized data, the web server and many more.
Centralized data is very much needed by organizations in every area, such as education, restaurants, business and government. Its use in a photo studio is very complex. In this project the writer will try to make the data in Matrix Photo Studio centralized, easy to access anytime and anywhere, and secure when transactions are transmitted through the web service, using services implemented on the Linux operating system.

1.2 Problem Formulation


1. How to make the data centralized?
2. How to manage data sharing using FTP in Linux?
3. How to build the Web Server and Mail Server?
4. How to make Secure Web Server?

1.3 Purpose
The purposes of this project are:
1. To add to and apply knowledge of how to implement Linux administration in Matrix Photo Studio.
2. To manage the data of the management of Matrix Photo Studio.
3. To make the company efficient and secure in its transaction process and in the way its web service is accessed.

1.4 Benefit
1. The writer learns about the implementation and administration of the Linux operating system.
2. Data is more efficient and secure because of FTP, the firewall and centralized data.
3. The writer can design and implement Linux commands in Matrix Photo Studio.
4. Customers can easily make transactions and access information about Matrix Photo Studio.

1.5 Problem Boundaries

The problems discussed in this project are limited to:
1. We only discuss the configuration of FTP.
2. What the firewall is and how it is implemented.
3. What the web server and mail server are, and their configuration in Matrix Photo Studio.

1.6 Writing Systematic

The write-up of this project, "Securing Web Server and File Sharing in Matrix Photo Studio", consists of four chapters:
CHAPTER 1 INTRODUCTION
Explains the background, problem formulation, purpose, benefit, problem boundaries, writing systematic, and time schedule.
CHAPTER 2 CONTENT
This chapter explains the current system and the envisioned system of Matrix Photo Studio.
CHAPTER 3 ANALYSIS
This chapter explains the Design System of Network Design, Logical Design, Physical Design, Implementing Network, Requirement System, Implementation System, Installation and OS Configuration, Service Configuration, Testing, and Cost Implementation.
CHAPTER 4 CLOSING
This chapter explains the conclusion and suggestion.
BIBLIOGRAPHY
APPENDIX

1.7 Time Schedule

Table 1.1 Time Schedule

No  Activities                      (February 2009, days 14 15 16 17 18 19 20 21 22 23 24)
1   Looking for Data
2   Making Abstraction and Preface
3   Make Chapter I – IV
4   Make Closing
6   Making Slide Show
7   Monitoring


CHAPTER 2
BUSINESS PROCESS

2.1 Current System of Matrix Photo Studio


At the time, all administration and transactions at Matrix Photo Studio were handled through manual administration and a simple program, in the conventional or manual manner as well. As a result, progress reports and transaction processing were very slow and somewhat confusing. There was a great deal of data, such as billing transactions, product orders, client requests, and more.
This data was not collected on the same medium; it was recorded in separate books, such as the record menu kept in a manual book. The web service that had been developed was very simple and not secure. No web service had been activated before; the site served only as advertisement. No firewall was activated in the system, so security was not implemented well in the face of the many threats in internetwork traffic. File sharing still used an old configuration and was not secure.

2.2 Envisioned System of Matrix Photo Studio


Matrix Photo Studio wants a Linux-based system that makes transferring data easy, and a web application that makes it easy to access information about our services, so that the users of Matrix Photo Studio can enjoy the services.
We therefore provide file sharing on the Linux OS using FTP (File Transfer Protocol), and we use Secure FTP by activating an additional service in the FTP configuration. The network implemented in Matrix Photo Studio uses a firewall to restrict who can enter the private or internal network. With the firewall we can control how connections are made and secure the data packets. For customer orders we use the web server and a mail service, Postfix, which can send replies back to customers via their email addresses.


CHAPTER 3
ANALYSIS

3.1 Design System of Network Design


3.1.1 Logical Design
The logical design explains the design of the system in a general view. Matrix Photo Studio needs several devices to connect the web server to the Internet through the Speedy ISP service developed by Telkom. The devices include a router, switches, PCs, the web server, the FTP server, DNS and so on. How can they be connected to build the right system and services? The logical design is as follows.

[Diagram labels: Internet -- ISP Speedy; Router; Web Server, DNS, FTP, Mail Server, Firewall; Router; four Switches; Customer Service; Admin Room; Print Server; Art Media]

Picture 3.1 Logical Design Network of Matrix Photo Studio


3.1.2 Physical Design


The detailed configuration of all devices is called the Physical Design. It represents the entire set of network devices, arranged into one well-functioning network used by Matrix Photo Studio. It is illustrated below.

[Diagram labels: INTERNET; Firewall Enabled; Modem Router; DNS, Web, Mail, FTP Server; ADSL Router; Switch 8 Port; Customer Service; Admin Room; Print Server; Art Media]

Picture 3.2 Physical Design Network of Matrix Photo Studio

3.1.3 Implementing Network


A. Subnetting
Matrix Photo Studio uses subnetting to provide secure transmission and private sharing from one host to another. There are five subnet groups: Art Media, Print Server, Admin, Customer Service and Server Room. The subnet allocation depends on the number of hosts.

Maximum host = 6 computers (Art Media)

So the formula is:
2^n - 2 >= 6 computers
n = 4
Default subnet mask: 255.255.255.0
  11111111.11111111.11111111.00000000
New subnet mask: 255.255.255.240
  11111111.11111111.11111111.11110000
Block per subnet = 256 - 240 = 16
Address range = 192.168.0.0  - 192.168.0.15
                192.168.0.16 - 192.168.0.31
                192.168.0.32 - 192.168.0.47
                192.168.0.48 - 192.168.0.63
                ...          - 192.168.0.254

B. IP Allocation
In the real implementation, Matrix Photo Studio allocates IP addresses per server or department to simplify security settings and privacy, and to ease future development. The allocation is as follows.

Table of IP Allocation
No.  Department/Server   IP Address/Network ID
1.   Core Server         192.168.0.2
2.   Public IP Address   202.17.10.2
3.   Art Media           192.168.0.16
4.   Customer Service    192.168.0.32
5.   Admin               192.168.0.48
6.   Print Server        192.168.0.64


C. Routing Process
1. Configure the IP eth0 (default) in the

2. Configure eth1:

vi /etc/sysconfig/network-scripts/ifcfg-eth1

3. Set IP forwarding and masquerading:

vi /etc/rc.d/rc.local
And add the script:
# Enable IPv4 packet forwarding in the kernel
echo "1" > /proc/sys/net/ipv4/ip_forward
# Masquerade traffic from the internal network as it leaves through eth0
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

4. Add the route of the router as shown below.

5. Finally, test the configuration.

ping 192.168.0.3

3.2 Requirement System


The requirements, analyzed from the above case study, are as follows:
Network topology
a. The network should be easy to install and reconfigure
b. System administrator should be able to add new users without
disturbing the current setup
c. The network topology should be inexpensive and reliable

Network Model
a. Centralized data storage
b. Shared data processing
c. Authentication of users from a centralized location

Network Cabling
a. Reliability and speed
b. Less expensive

Network Operating System


a. Easy to install and administer
b. User friendly, Reliable and free of charges and licenses
c. Routing capability


Network Protocol
a. Connectivity across computers running different operating systems and different configurations
b. Easy to manage the protocol
c. High speed and reliable

Network Security
a. Protection against virus attacks
b. Secure data transfer
c. Analyze system configurations and vulnerabilities
d. Spam mails should not be allowed

Other Requirements
The other requirements are:
a. Static allocation of IP Address: IP Static
b. Uploading files to the clients: FTP Server
c. Domain specification : DNS server
d. Online Service to end-clients : Web Server
e. Communication through e-mail: Mail Server

3.3 Implementation System


3.3.1 Installation
1. Press "Start this virtual machine" to start the installation and wait for it to load. Type "linux text" to enter the text-mode installation, and press Enter.
2. On the welcome screen, click OK to continue.
3. Choose the language to install and the keyboard in use, here "US", and click OK.
4. In the disk partition setup, choose "Disk Druid" and OK.
5. Set up the partitions using the options: new, edit, delete, etc.
6. Create the "swap" partition as virtual memory on the hard disk, about 512 MB.
7. Create a partition with mount point "/", choose "fill all available space", and press OK.
8. Check the configuration carefully and press OK.
9. In the "Boot Loader Configuration" window, set the options as required, carefully, and press OK.
10. The configuration made so far is shown; read it carefully and click OK.
11. This window concerns security; no GRUB password is assumed here. Click OK.
12. This window shows where Linux will be installed; press OK.
13. In the network configuration for eth0, select both "Configure using DHCP" and "Activate on boot", and click OK.
14. For the hostname configuration, choose "Automatically via DHCP" and press OK.
15. Enable the "Firewall" and press OK.
16. Select the language to be used in Linux, for instance English UK, and click OK.
17. Choose the time zone where you live, for example Asia/Jakarta.
18. Set the root password to one you can easily remember.
19. Select the additional software packages to install, or leave the selection as it is.
20. In the "customise" package group selection, select the programs to customize. Select as required and click OK.
21. The "Installation to begin" window appears; click OK to start the formatting phase.


3.3.2 Operating System Configuration


A. Desktop Environment
Matrix Photo Studio uses the GNOME desktop environment, a legal desktop from the GNOME Project; the name is an acronym of GNU Network Object Model Environment. We use GNOME because it uses memory more economically than KDE, which makes GNOME a little faster than KDE (because GNOME is not as graphics-oriented as KDE). Once more, it is about performance.

Picture 3.1 Screenshot of GNOME in Linux Red Hat Enterprise

B. Package Installation
1. Squirrelmail-1.4.11.tar.gz, used to build a simple webmail server
2. Redhat-switch-mail-0.5.20-1.src.rpm, used to build the MTA switcher that selects between mail services, e.g. Postfix, qmail, and sendmail.

C. User Configuration
We divide the user configuration into two main parts, user account planning and group planning, as shown below.
1. User Accounts Planning
Table of User Accounts Planning
No.  User Login Name  Member of Group    Password
1.   Irfan            Customer Service   irfan
2.   Ririn            Admin              ririn
3.   Algry            Art Media          algry

2. Group Planning
Table of Groups Planning
No.  Groups   Description
1.   Art      Handles tasks of the Art Media Department
2.   Print    Handles tasks of the Print Server Department
3.   Admin    Handles tasks of the Admin Department
4.   Service  Handles tasks of the Customer Service Department

D. Backup Configuration
Backups cover the necessary files stored on the computers in each department. The detailed allocation and configuration follow this table.

Table of Backup Configuration
Folder to be Backed Up  Backup Media  Type of Backup  Day     Responsibility
Order                   Hard disk     Incremental     Friday  Irfan
Finance                 Hard disk     Full            Friday  Ririn
Art                     Hard disk     Incremental     Friday  Algry


3.3.3 Service Configuration


A. Domain Name System
Make sure the package is installed and that the installation setting was "Everything", or at minimum that all network services are enabled.
Use the "rpm -qa | grep bind" command:
#bind-utils-9.2.4-2
#bind-9.2.4-2
#bind-libs-9.2.4-2
#bind-chroot-9.2.4-2
If it is not installed yet, mount the CD-ROM:
[root@localhost]# mount /media/cdrom/
Then run these commands:
[root@localhost]# rpm -ivh /media/cdrom/RedHat/RPMS/bind-9.2.4-2.i386.rpm
[root@localhost cdrom]# rpm -ivh RedHat/RPMS/caching-nameserver-7.3-3.noarch.rpm
After all packages are installed, the files below must be configured.
1). Configure the file /etc/named.conf
Open the file with "vi /etc/named.conf" and add the script below.

2). Create the file "/var/named/chroot/var/named/matrix.net.id.db".

3). Then create the file "/var/named/chroot/var/named/0.168.192.db".

4). Link the files already made by:

5). Then configure the file "/etc/resolv.conf" and add the line "nameserver 192.168.0.2".
The IP of eth0 must be 192.168.0.2, set using the command "ifconfig eth0 192.168.0.2" as shown below.

6). Restart the service with "service named restart" so that the latest configuration takes effect.

7). Then run "nslookup 192.168.0.2" to make sure the configuration was set correctly, or "ping matrix.net.id"; the result is as shown below.


Make Alias Domain Name Server

For matrix.net.id we make an alias; the name of the alias is algry.com. We modify the file "/var/named/chroot/var/named/matrix.net.id.db" and add, as the last entry, the record "algry IN CNAME matrix.net.id." (the trailing dot keeps BIND from appending the zone origin to the target).
This is a picture of the file that we modified.

After making the alias, we want to test that matrix.net.id can be reached with the domain algry.com.


B. FTP Server
File Transfer Protocol (FTP) is a service for file sharing. Users can send (upload) files to the server and retrieve (download) them from the server. It can be provided using the vsftpd application. The steps for setting up this service are as follows.

1. Make sure it is installed by checking "rpm -qa | grep ftp".

2. Some files that must be configured:
   1. /etc/vsftpd.ftpusers (lists the login users who are not allowed to access the FTP server)
   2. /etc/vsftpd.user_list
   3. /etc/vsftpd/vsftpd.conf (main configuration file)
3. The steps to make the FTP server and secure it
4. Edit /etc/vsftpd/vsftpd.conf; set and add the syntax as shown below.

To restrict users through /etc/vsftpd/user_list, make sure the configuration is as shown below.

Remove the comment sign # from the entry shown below so that all log information is stored in the file /var/log/vsftpd.log

5. Create user accounts on the FTP server
We create the user accounts irfan, ririn and algry, each with a password identical to the user name. After that we put these names in the file /etc/vsftpd.user_list as shown below.

6. Verify authenticated access to the FTP server
Check the saved configuration of the FTP server with this command,

If the configuration is right, the result is as shown below. You should then test the FTP server or Secure FTP server with this command.

You can add files to be shared to the folder /var/ftp/pub. This means the contents of the folder are free to be downloaded as the authenticated user wishes.
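
The following check is an added example, not part of the original report (whose configuration listings are not preserved): a shell audit of a vsftpd.conf and user list against the points this section makes, namely user-list filtering, logging to /var/log/vsftpd.log and Secure FTP. The expected values are an assumed policy, the sample files are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit vsftpd settings named in this section.
# The expected values are an assumed policy, not the report's own configuration.

# effective FILE KEY DEFAULT: last KEY=VALUE found in FILE, else vsftpd's built-in default.
effective() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    echo "${val:-$3}"
}

# audit_conf FILE: print one FAIL line per setting that differs from the policy table.
# Table columns: KEY WANTED BUILT-IN-DEFAULT REASON
audit_conf() {
    while read -r key want default why; do
        have=$(effective "$1" "$key" "$default")
        [ "$have" = "$want" ] || echo "FAIL $key=$have (want $want): $why"
    done <<'EOF'
userlist_enable YES NO consult the user list at login
userlist_deny NO YES treat the user list as an allow-list
xferlog_enable YES NO log uploads and downloads
xferlog_file /var/log/vsftpd.log /var/log/xferlog log file named in this section
ssl_enable YES NO encrypt sessions (the Secure FTP option)
force_local_logins_ssl YES YES never send passwords in clear text
EOF
}

# audit_userlist FILE NAME...: in allow-list mode every name in FILE is permitted
# by vsftpd, so print any entry that is not an intended account (e.g. a leftover "root").
audit_userlist() {
    list=$1; shift
    grep -v -e '^#' -e '^[[:space:]]*$' "$list" | while read -r name; do
        case " $* " in
            *" $name "*) ;;
            *) echo "UNEXPECTED $name" ;;
        esac
    done
}

# Constructed sample input: a config with only logging and the user list switched on,
# a corrected config, and a user list that still carries a system account.
write_samples() {
    dir=$1
    cat > "$dir/vsftpd.conf" <<'EOF'
anonymous_enable=YES
local_enable=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
userlist_enable=YES
EOF
    cat > "$dir/vsftpd.fixed.conf" <<'EOF'
local_enable=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
userlist_enable=YES
userlist_deny=NO
ssl_enable=YES
EOF
    printf '%s\n' '# users allowed when userlist_deny=NO' root irfan ririn algry \
        > "$dir/user_list"
}

demo() {
    tmp=$(mktemp -d)
    write_samples "$tmp"
    audit_conf "$tmp/vsftpd.conf"
    audit_userlist "$tmp/user_list" irfan ririn algry
    rm -rf "$tmp"
}
demo
```

On the constructed files the audit reports that the user list is still in deny mode, that sessions are unencrypted, and that root is present in the list.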

C. Firewall Configuration
1. First, check whether the firewall is already installed, using the command,

2. If you want data packets to be allowed to enter and leave the port but not be routed, use this command,

3. To open the route for incoming and outgoing data, use this command,

4. To test whether the firewall works, use this command,

To limit client access to the server using iptables, the command is:
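
One way to express such a restriction, as an added example that is not the report's own rule set: a shell function that emits an iptables-restore file for the server. The subnets come from the IP allocation table and eth0 from the routing step; which department may reach which port, the passive FTP range 50000:50100 and the function names are assumptions.

```shell
#!/bin/sh
# Added example: emit a filter table for the server described in this report.
# Load the output with: iptables-restore < rules.txt

LAN=192.168.0.0/24     # internal network, from the subnetting section
WAN_IF=eth0            # outbound interface, as in the masquerading rule
PASV=50000:50100       # assumed passive FTP range; set pasv_min_port/pasv_max_port to match

# policy: SOURCE PROTO PORT, one allowed client-to-server flow per line.
# The /28 sources are the department network IDs; the mapping itself is an assumption
# (FTP only from the departments that have FTP users, none from Print Server).
policy() {
    cat <<'EOF'
0.0.0.0/0 tcp 80
0.0.0.0/0 tcp 25
192.168.0.0/24 udp 53
192.168.0.0/24 tcp 53
192.168.0.16/28 tcp 21
192.168.0.32/28 tcp 21
192.168.0.48/28 tcp 21
EOF
}

# emit_rules: print the rule set; anything not listed in policy() is dropped.
emit_rules() {
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    policy | while read -r src proto port; do
        echo "-A INPUT -s $src -p $proto --dport $port -m state --state NEW -j ACCEPT"
        if [ "$port" = 21 ]; then
            # With TLS the FTP helper cannot read the PASV reply, so open the data range too
            echo "-A INPUT -s $src -p tcp --dport $PASV -m state --state NEW -j ACCEPT"
        fi
    done
    # Routed traffic: LAN clients may go out, only replies may come back
    echo "-A FORWARD -s $LAN -o $WAN_IF -j ACCEPT"
    echo '-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # Record what the default policy is about to drop
    echo '-A INPUT -j LOG --log-prefix fw-drop:'
    echo 'COMMIT'
}

emit_rules
```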


D. Web Server
1. Red Hat Enterprise 4 already has Apache installed; it runs as a service application in Linux named httpd. Check it using this command.

2. If it is not installed yet, do the same as explained before. Most importantly, DNS for matrix.net.id must be running well. After that, configure the directives in the file /etc/httpd/conf/httpd.conf

Enter the ServerName to match the DNS name configured before [matrix.net.id]

3. Run the httpd service using the command.

To check whether the configuration is running, use the netstat command

Or use the telnet command and, to see the response, open the HEAD/HTML, as shown below

4. Another way is to use a web browser, such as Mozilla, Internet Explorer, Konqueror, etc.

5. To customize the index file, which is stored in /var/www/html, the welcome file must also be configured in /etc/httpd/conf.d/welcome.conf

We use a modified noindex.html. Use the command:

cp /var/www/error/noindex.html /var/www/html/index.html

After customizing the index, you will see the result as shown below.

E. Mail Server
To configure Postfix, the following file must be edited.
1. Edit /etc/postfix/main.cf to identify the domain name and the local delivery workstation address.

Then make a new entry as follows:

Then add the setting myorigin=$mydomain

Change the mydestination entry to the following

Set inet_interfaces = all

Set the networks to mynetworks = 127.0.0.0/8, 192.168.0.0/24

Make sure to remove the # in front of home_mailbox = Maildir/

Remove the # in front of header_checks = regexp:/etc/postfix/header_checks and add the command as shown below:

Close all configuration files and save them.

2. Activate Postfix as the default mail server
Use the MTA Switcher tool to activate Postfix as the default mail server and deactivate Sendmail. First, deactivate the Sendmail mail server by:

Then invoke the MTA Switcher tool using the command:

3. Start Postfix

The Client-Mail Configuration

Set all the required configuration on the client so that the user can send and receive e-mail through the mail server using Postfix.
1. Identify the person who handles the mail server, as shown below.

2. Set everything needed for receiving mail according to the requirements, as shown below.

3. For sending, SMTP is used; set the host name as shown below. The configuration is almost finished; check it carefully, and enjoy the e-mail services.

To test the configuration, send a message: irfan sends to algry about a photo order. Use this command:

3.4 Testing
1. It cannot switch the mail services

Solution
The package Redhat-switch-mail-0.5.20-1.src.rpm was not installed yet; install it and run the same command.
2. It cannot send an e-mail

Solution
- Enable dovecot in the ntsysv service list. Then set all the required settings in the domain configuration as

- Restart the postfix, network and named services

3.5 Cost Implementation


Product        Item                          Price             Justification
Router         TP-link TL WR6416-4 Port      Rp. 480.000       Because this router has a speed of 100Mbps
Antivirus      Kaspersky Linux Version       Rp. 500.000       We would be using it because its security is complete
RJ 45          RJ 45                         Rp. 15000/box     Connector from switch, computer, etc.
Cable UTP      UTP CAT 5                     Rp. 5.000/meter   Because this version can handle data transmission up to 100Mbps, so transmission is fast
Complete CPU   Complete CPU Intel Pentium 4  Rp 4.500.000,00   This computer is enough for the requirements
Switch         D-link DES-1008D              Rp. 204.900,00    Because it connects flexibly to Ethernet and has a speed of 810/100 Mbps Port
Printer        Canon IP 1880                 Rp. 450.000       Because the printer is sufficient for use in the system and the price is low


CHAPTER IV
CLOSING

4.1 Conclusion
After the explanation of Matrix Photo Studio above, we can draw some conclusions that sharpen the understanding of the content and of our problem formulation. Here are some of them:
1. DNS is used to handle the domain requirement for matrix.net.id and is the foundation on which the other applications run. Its configuration is stored in /etc/named.conf, /var/named/chroot/var/named/matrix.net.id.db, and /var/named/chroot/var/named/0.168.192.db
2. FTP is used to handle the file sharing task in Matrix Photo Studio by enabling the FTP configuration stored in /etc/vsftpd/ftpuser, /etc/vsftpd/user_list, and /etc/vsftpd/vsftpd.conf
3. For security, a firewall is needed against spam or other bad packets coming across the Internet.
4. The Web Server is used to develop and provide services to the departments in Natrix.inc for connecting with and serving customers; it is built by editing /etc/httpd/conf/httpd.conf
5. The Mail Server provides mail service to customers and employees whenever needed; its configuration is stored in /etc/postfix/main.cf and /etc/postfix/master.cf

4.2 Suggestion
We suggest that anyone who wants to build the same service ensure that all requirements and costs are planned well. For the next version of this paper, we suggest explaining in more detail the process of transmitting data, the routing process and the firewall configuration.


